-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 5 Oct 2017, Michael Fox wrote:
I'm trying to understand what triggers the setting of
$SuspiciousCharsInHeaders and $SuspiciousCharsInBody? All I can find are
circular definitions that vaguely mention possible exploits. But no
specifics are given. Before I use either of these, I'd like to understand
better what constitutes "suspicious" in both cases.
suspicious :=
If header or body has a \r without \n
If the body has an embedded \0
Do you bounce every message that for which $SuspiciousCharsInHeaders is
true?
Yep, but haven't triggered long time now.
- --
Steffen Kaiser
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEVAwUBWdXwI1GgR0+MU/4GAQKoEAgAqPr5WQ4e0I+KpsUvIUQ7J5Zi7+IuUkcu
JysdONlSL93FagfeP92+JlU+UE6aeGM9a/Lz2/fS4FRtYV1YUoQlcPuFSOxliyI5
grC9qW2ub8P8ZksHHWPJdALB385fhgsltFGKCiwDC18aQXzB7dO/AjTJyXzGS4lq
UKklpD5GUehjUhWi2811Br/3JkFbRsNkt1C818m21RTF3OWTIoq9n4Myh2HLi29n
C6veIk/IqM8YA6ufGjFFOjalaztqFPTES6TpUWTMh0dch/WJiLQzqjQJWziBIFqo
a/U5RQRb91od4B7BIxlyDYfaPZw5+b+2iO4ywjzBQr4QKvwSB5kvSw==
=HHoI
-----END PGP SIGNATURE-----
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
